CSE5WIS Assignment 1
I.
INTRODUCTION
This practical lab assignment has three parts. You must undertake all three parts and submit the parts together in a single file.
II: PART A
This part is worth 20%.
Given the PCAP file4WAY_HANDSHAKE.PCAP, you are required to view the 4‐Way Handshake EAPOL‐Key frames that are used to generate the temporal keys used for encryption. You should use Wireshark on your computer to display the captured packets, showing a list of captured frames in the upper section of the screen, with each frame numbered sequentially in the first column.
The following questions must be addressed in your submission(show your screenshots)
- List MAC address of the supplicant and the Authenticator.
- 802.1X/EAP authentication
- Which line of the Wireshark shows the completion of 802.1X/EAP authentication? Why?
- What is the next process to follow?
- 4‐Way Handshake
- Filter the lines containing the EAPOL‐Key frames of the 4‐Way Handshake.
- Provide the steps and screenshot image of the result.
- In each line, what are the parameters sent to either AP or client?
REQUIRED RESOURCES
· PACP file (4WAY_HANDSHAKE.PCAP). It is found on the subject LMS (Lab section)
· Wireshark GUI, or
· Kali Linux Box to open PCP files
II.
PART B
This part is worth 40%.
WLAN design and implementation need proper management and technical considerations within an organisation. It is critical to developing a WLAN security policy that supports the long term organisational goal in governing WLAN technologies and operations.
You are required to develop a WLAN security policy for a virtual bank that has 100 employees across its 10 branches in a city. The number of wireless clients, including the customers’ devices, cannot exceed 50 nodes per branch per day.
The following template heading structure should be used for your submission.
TEMPLATE HEADING STRUCTURE:
- Overview of WLAN security
- Security components that are required for a strong WLAN security
- Trade-offs in WLAN security policy
- Scope
- Where is it applied?
- Applicable devices
- Premises
- WLAN standards
- Policy statement
- General Policy
- Why policy needed?
- Who implements the policy?
- Audience of the policy
- Potential WLAN security risks and financial impacts if compromised
- Auditing mechanisms
- Policy enforcement (Who enforces it? Actions taken for violations)
- Functional Policy
- Essentials such as password policies, etc
- WLAN security practices such as configuration checklist, testing procedures, etc
- What authentication, encryption, etc should be in place?
- Attack detection and alarming
- Government and industry regulations (Australia)
- Mandated regulations by gov and industries
- Policy Recommendations
- Remote Access WLAN Policy
- Rogue AP Policy
- Wireless LAN Proper Use Policy
- WIDS Policy
- Guest Access Policy
- BYOD Policy
III.
PART C
This part is worth 40%.
E-health hospital provides online healthcare service for patients. The employees of the hospital such as doctors, nurses and others use Wi-Fi in order to access patient and examination information. The main area of concern for risk analysis is the patient database server and the medicine database server keeping track of the patient and the medical information, respectively. The important security requirements are the availability of databases to employees and patients, and the confidentiality of patient information.
Assuming CORAS approach of risk analysis, identify and model:
- Using Asset, Threat, Risk, Treatment, and Treatment Overview diagrams
- Using the steps of risk analysis in CORAS framework
- Set scope and focus
- Describe the target (goals of analysis, target in use, customer’s view of the target)
- Understand assets and parties with their relationships (Asset diagram), and high-level analysisà rough list of unwanted incidents, threats, vulnerabilities, threat scenarios
- Rank assets, scale of risks, risk function and risk evaluation metrics
- Risk identification and estimation using Threat diagram (refine step c)
- Risk evaluation using risk diagram (acceptable risks for further evaluation for treatment)
- Risk treatment using treatment diagram
IV.
Deliverables
1. It’s an individual project assignment.
2. Include
your name and student ID
in the submission.
3. Clearly indicate the three separate parts and questions, where applicable.
4. Submit all three parts as a single Word/PDF file, including any appropriate screenshot images.
5. You should prepare and submit a report through Turnitin on LMS.
6. Deadline of submission: 24 May 11.55PM (end of Week 11)
7. Report structure:
Section 1: Introduction – State the purpose and objectives of the report.
Section 2: Part A (can include subsections)
Section 3: Part B (can include subsections)
Section 4: Part C (can include subsections)
Section 5: Conclusion – Summarize your findings according to the main points.
Section 6: References – Follow IEEE referencing style. Please provide in-text citations.
8. You need to present your work over the online Zoom on a date to be announced later.
Number of Words: 2
000 – 3000 – for all three parts.
Your word count should not include introduction, recommendation, conclusion, figure captions and references.
V.
General Marking Guideline
1.
Marking threshold
1.1
Excellent
: Student’s work is expected to demonstrate a very high level of knowledge and understanding of concepts, facts and application of knowledge within the scope of the subject.
1.2
Very Good:
Sudent’s work typically demonstrates a high level of knowledge and understanding of concepts, facts and application of knowledge within the scope of the subject.
1.3
Good:
Student’s work typically demonstrates a sound level of knowledge and understanding of concepts, facts and application of knowledge within the scope of the subject.
1.4
Acceptable:
Student’s work typically demonstrates a limited yet with an acceptable level of knowledge and understanding of concepts, facts and application of knowledge within the scope of the subject.
1.5
Unacceptable:
Student’s work typically demonstrates a limited level of knowledge and understanding of concepts, facts and application of knowledge within the scope of the subject.
2.
Marking rubric
Criteria
|
Ratings
|
Excellent
|
V. good
|
Good
|
Acceptable
|
Unacceptable
|
Criteria 1 : Conceptual Coverage
(max: 40%)
|
All relevant concepts are applied accurately, all clearly detailed showing excellent understanding of the subject.
Points: 36~40
|
|
All relevant concepts applied accurately, with mostly good detail showing strong understanding of the subject.
|
Points: 31~35
|
Not all but most important concepts are accurately applied. Some detail missing but to show understanding.
|
Points: 25~30
|
Some important concepts missing or applied wrongly, or with insufficient detail.
|
Points: 18~24
|
All or most concepts missing, with little or no detail.
|
Points:
|
Criteria 2 : Critical and well supported (max: 30%)
|
All points well supported. All support materials recent and respected.
Points: 26~30
|
All points well supported. Support materials mostly recent and respected
Points: 21~25
|
Not all but most important points well supported. Support materials mostly recent and respected
Points: 17~20
|
Some important points poorly or non supported. Some support materials poor.
Points: 10~16
|
All or most points not supported, most support materials poor.
Points:
|
Criteria 3 : Comprehension and consistency (max: 15%)
|
Response is very comprehensive & detailed and logically consistent.
Points: 14~15
|
Response is comprehensive & detailed and logically consistent.
Points: 12~13
|
Response is largely comprehensive & detailed, and key points logically consistent. Defects are minor and do not alter meaning.
Points: 9~11
|
Response misses some important points and details. Some logical inconsistencies.
Points: 7~8
|
Responses misses most important points and details. Some serious or many logical inconsistences
Points:
|
Criteria 4 : Report writting and professional presentation
(max: 15%)
|
Exceedingly meets report format requirements to a high standard, including clear structure, headings, word count (close to approximation), and no errors in referencing.
Points: 14~15
|
A very good standard of report format requirements should be fulfilled, including clear structure, headings, word count (close to approximation), and no (or very minor) errors in referencing.
Points: 12~13
|
Meets format requirements to a good standard, including structure, headings, word count (close to approximation), and no (or minor) errors in referencing.
Points: 9~11
|
Meets format requirements to a reasonable standard, but could be improved with a clearer structure, or may have better-met word count approximation. May have a few minor errors in referencing.
Points: 7~8
|
Did not meet format requirements, such as clear discussion titles or headings, word count, or too many errors in referencing.
Points:
|